From 657297a738ec755dee9e63586fa87b4c0273f945 Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Sat, 7 May 2011 11:44:15 -0700
Subject: [PATCH] clean the last bits of KRB4 support in KDC

---
 kdc/config.c         | 49 --------------------------------------------
 kdc/connect.c        | 10 ---------
 kdc/default_config.c | 39 -----------------------------------
 kdc/kdc.h            |  9 --------
 4 files changed, 107 deletions(-)

diff --git a/kdc/config.c b/kdc/config.c
index 65c6c0192..ad71e158d 100644
--- a/kdc/config.c
+++ b/kdc/config.c
@@ -50,10 +50,6 @@ static int require_preauth = -1; /* 1 == require preauth for all principals */
 static char *max_request_str;	/* `max_request' as a string */
 
 static int disable_des = -1;
-static int enable_v4 = -1;
-static int enable_kaserver = -1;
-static int enable_524 = -1;
-static int enable_v4_cross_realm = -1;
 
 static int builtin_hdb_flag;
 static int help_flag;
@@ -61,8 +57,6 @@ static int version_flag;
 
 static struct getarg_strings addresses_str;	/* addresses to listen on */
 
-static char *v4_realm;
-
 char *runas_string;
 char *chroot_string;
 
@@ -82,24 +76,6 @@ static struct getargs args[] = {
     },
     { "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support",
    	 NULL },
-    {	"524",		0, 	arg_negative_flag, &enable_524,
-	"don't respond to 524 requests", NULL
-    },
-    {
-	"kaserver", 'K', arg_flag,   &enable_kaserver,
-	"enable kaserver support", NULL
-    },
-    {	"kerberos4",	0, 	arg_flag, &enable_v4,
-	"respond to kerberos 4 requests", NULL
-    },
-    {
-	"v4-realm",	'r',	arg_string, &v4_realm,
-	"realm to serve v4-requests for", NULL
-    },
-    {	"kerberos4-cross-realm",	0, 	arg_flag,
-	&enable_v4_cross_realm,
-	"respond to kerberos 4 requests from foreign realms", NULL
-    },
     {	"ports",	'P', 	arg_string, rk_UNCONST(&port_str),
 	"ports to listen to", "portspec"
     },
@@ -262,15 +238,6 @@ configure(krb5_context context, int argc, char **argv)
 	}
     }
 
-    if(enable_v4 != -1)
-	config->enable_v4 = enable_v4;
-
-    if(enable_v4_cross_realm != -1)
-	config->enable_v4_cross_realm = enable_v4_cross_realm;
-
-    if(enable_524 != -1)
-	config->enable_524 = enable_524;
-
     if(enable_http == -1)
 	enable_http = krb5_config_get_bool(context, NULL, "kdc",
 					   "enable-http", NULL);
@@ -286,9 +253,6 @@ configure(krb5_context context, int argc, char **argv)
 	krb5_errx(context, 1, "enforce-transited-policy deprecated, "
 		  "use [kdc]transited-policy instead");
 
-    if (enable_kaserver != -1)
-	config->enable_kaserver = enable_kaserver;
-
 #ifdef SUPPORT_DETACH
     if(detach_from_console == -1)
 	detach_from_console = krb5_config_get_bool_default(context, NULL,
@@ -305,12 +269,6 @@ configure(krb5_context context, int argc, char **argv)
     if (port_str == NULL)
 	port_str = "+";
 
-    if (v4_realm)
-	config->v4_realm = v4_realm;
-
-    if(config->v4_realm == NULL && (config->enable_kaserver || config->enable_v4))
-	krb5_errx(context, 1, "Kerberos 4 enabled but no realm configured");
-
     if(disable_des == -1)
 	disable_des = krb5_config_get_bool_default(context, NULL,
 						   FALSE,
@@ -323,13 +281,6 @@ configure(krb5_context context, int argc, char **argv)
 	krb5_enctype_disable(context, ETYPE_DES_CBC_NONE);
 	krb5_enctype_disable(context, ETYPE_DES_CFB64_NONE);
 	krb5_enctype_disable(context, ETYPE_DES_PCBC_NONE);
-
-	kdc_log(context, config,
-		0, "DES was disabled, turned off Kerberos V4, 524 "
-		"and kaserver");
-	config->enable_v4 = 0;
-	config->enable_524 = 0;
-	config->enable_kaserver = 0;
     }
 
     krb5_kdc_windc_init(context);
diff --git a/kdc/connect.c b/kdc/connect.c
index c6f668245..0ef7084f9 100644
--- a/kdc/connect.c
+++ b/kdc/connect.c
@@ -148,16 +148,6 @@ add_standard_ports (krb5_context context,
     add_port_service(context, family, "kerberos-sec", 88, "tcp");
     if(enable_http)
 	add_port_service(context, family, "http", 80, "tcp");
-    if(config->enable_524) {
-	add_port_service(context, family, "krb524", 4444, "udp");
-	add_port_service(context, family, "krb524", 4444, "tcp");
-    }
-    if(config->enable_v4) {
-	add_port_service(context, family, "kerberos-iv", 750, "udp");
-	add_port_service(context, family, "kerberos-iv", 750, "tcp");
-    }
-    if (config->enable_kaserver)
-	add_port_service(context, family, "afs3-kaserver", 7004, "udp");
     if(config->enable_kx509) {
 	add_port_service(context, family, "kca_service", 9878, "udp");
 	add_port_service(context, family, "kca_service", 9878, "tcp");
diff --git a/kdc/default_config.c b/kdc/default_config.c
index 1441c3161..0be5cc556 100644
--- a/kdc/default_config.c
+++ b/kdc/default_config.c
@@ -55,10 +55,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
     c->allow_null_ticket_addresses = TRUE;
     c->allow_anonymous = FALSE;
     c->trpolicy = TRPOLICY_ALWAYS_CHECK;
-    c->enable_v4 = FALSE;
-    c->enable_kaserver = FALSE;
-    c->enable_524 = FALSE;
-    c->enable_v4_cross_realm = FALSE;
     c->enable_pkinit = FALSE;
     c->pkinit_princ_in_cert = TRUE;
     c->pkinit_require_binding = TRUE;
@@ -70,19 +66,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
 	krb5_config_get_bool_default(context, NULL,
 				     c->require_preauth,
 				     "kdc", "require-preauth", NULL);
-    c->enable_v4 =
-	krb5_config_get_bool_default(context, NULL,
-				     c->enable_v4,
-				     "kdc", "enable-kerberos4", NULL);
-    c->enable_v4_cross_realm =
-	krb5_config_get_bool_default(context, NULL,
-				     c->enable_v4_cross_realm,
-				     "kdc",
-				     "enable-kerberos4-cross-realm", NULL);
-    c->enable_524 =
-	krb5_config_get_bool_default(context, NULL,
-				     c->enable_v4,
-				     "kdc", "enable-524", NULL);
 #ifdef DIGEST
     c->enable_digest =
 	krb5_config_get_bool_default(context, NULL,
@@ -180,28 +163,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
 	}
     }
 
-    {
-	const char *p;
-	p = krb5_config_get_string (context, NULL,
-				    "kdc",
-				    "v4-realm",
-				    NULL);
-	if(p != NULL) {
-	    c->v4_realm = strdup(p);
-	    if (c->v4_realm == NULL)
-		krb5_errx(context, 1, "out of memory");
-	} else {
-	    c->v4_realm = NULL;
-	}
-    }
-
-    c->enable_kaserver =
-	krb5_config_get_bool_default(context,
-				     NULL,
-				     c->enable_kaserver,
-				     "kdc", "enable-kaserver", NULL);
-
-
     c->encode_as_rep_as_tgs_rep =
 	krb5_config_get_bool_default(context, NULL,
 				     c->encode_as_rep_as_tgs_rep,
diff --git a/kdc/kdc.h b/kdc/kdc.h
index 139b5e708..f5e38e217 100644
--- a/kdc/kdc.h
+++ b/kdc/kdc.h
@@ -64,15 +64,6 @@ typedef struct krb5_kdc_configuration {
     krb5_boolean allow_anonymous;
     enum krb5_kdc_trpolicy trpolicy;
 
-    char *v4_realm;
-    krb5_boolean enable_v4;
-    krb5_boolean enable_v4_cross_realm;
-    krb5_boolean enable_v4_per_principal;
-
-    krb5_boolean enable_kaserver;
-
-    krb5_boolean enable_524;
-
     krb5_boolean enable_pkinit;
     krb5_boolean pkinit_princ_in_cert;
     const char *pkinit_kdc_identity;